How to prevent direct access on method?

lilmer · November 7, 2013

I'm using a method call from ajax. But how do I prevent the method not to be access directly?

I try.

 if(isset($_POST)){

 } else{
  die('Unauthorize page!'); 
}

but still i can be access directly. What is the safest way to prevent it accessing directly?

.josh · November 7, 2013

The short answer is there is no absolute 100% way to prevent it.

But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions.

lilmer · November 7, 2013

Okay,

I just use this

  if(!$_SERVER['HTTP_X_REQUESTED_WITH'])
  {
            die('Not authorize!');
  }

ignace · November 7, 2013

The X-Requested-With is send by all popular javascript libraries. Put it in comments and it would still have the same effect.

.josh · November 7, 2013

not to mention the fact that anybody can fake that header easy enough. Like I said:

The short answer is there is no absolute 100% way to prevent it.

But there are some tricks to help weed out some of the bots and noobs. Google "ajax obfuscation" and feel free to post any specific questions.

lilmer · November 11, 2013

Yeah. I get it. Thank you guys.

Sign In

How to prevent direct access on method?

Recommended Posts

lilmer

Link to comment

Share on other sites

.josh

Link to comment

Share on other sites

lilmer

Link to comment

Share on other sites

ignace

Link to comment

Share on other sites

.josh

Link to comment

Share on other sites

lilmer

Link to comment

Share on other sites

Join the conversation

Browse

Activity

Important Information